This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: Shell execution

To: Troy Noble <troy dot noble at channelpoint dot com>
Subject: Re: Shell execution
From: Wayne Willcox <wayne at reliant dot knighthammer dot com>
Date: Fri, 21 Sep 2001 14:30:01 -0500
Cc: "'egor duda'" <cygwin at cygwin dot com>, "'Upat54wo at aol dot com'" <Upat54wo at aol dot com>
References: <8F23E55D511AD5119A6800D0B76FDDE101A26A9B@cpex3.channelpoint.com>
Reply-To: Wayne Willcox <wayne at reliant dot immure dot com>

Also  if you net use m: /y /d then it will delete the map regardless
of if you are using it or not.  Of course this would be bad if you 
were still writing a file on m:/

On Fri, Sep 21, 2001 at 12:59:19PM -0600, Troy Noble wrote:
> > It works. In a way. Apart from gaping security hole there's another
> > big problem with letters. Your script may just silently die before
> > reaching '/winnt/system32/net use /d m:' line. In that case (at least
> > on NT 4.0) you'll be left with exiting, but unaccessible, undeletable
> > and unchangeable 'm:'. Next time your script won't be able to run at
> > all. You'll need to restart your machine to get rid of it
> 
> Absolutely... you have to be careful when you write your script ;->
> 
> > So, i strongly suggest using UNC everywhere where possible.
> 
> Agreed, whenever possible.
> 
> But I will add that if the share you are trying to get at is not
> open for Everyone, or is in another domain, or some other security
> restriction prevents you being able to see it via UNC... you
> can fairly safely pass your credentials across before you
> first try to access any files on the UNC share using:
> 
> /winnt/system32/net use '\\hostname\ipc$' yourpassword
> '/user:YOURDOMAIN\yourusername'
> 
> I've had to do this in some cases, and it works equally
> well.  Same security hole applies of course.
> 
> But it's better than leaving my share open for Everyone WRITE
> and thus being subject to the Nimba-type virus (or whatever
> it was called) that got passed
> around earlier this week ;->  It takes advantage of the
> fact that lots of people like to create shares to their drives
> with Everyone WRITE enabled.
> 
> Troy
> 
> -----Original Message-----
> From: egor duda [mailto:deo@logos-m.ru]
> Sent: Friday, September 21, 2001 12:49 PM
> To: Troy Noble
> Cc: 'Upat54wo@aol.com'; cygwin@cygwin.com
> Subject: Re: Shell execution
> 
> 
> Hi!
> 
> Friday, 21 September, 2001 Troy Noble troy.noble@channelpoint.com wrote:
> 
> >>From /usr/doc/Cygwin/cron.README:
> 
> TN> "On NT/W2K run cron under SYSTEM account
> TN> as service to use that feature. Note that you don't have access to
> TN> net shares in the child processes then."
> 
> TN> Which means m: (and thus /cygdrive/m) 
> TN> is likely not mapped when your cron job is running...
> TN> as you discovered.
> 
> TN> Search the archives for similar discussions on this
> TN> subject.  A search on Google for cygwin +cron +mount +username
> TN> should do the trick I'd imagine.
> 
> TN> A nifty little trick I've learned... if you don't mind
> TN> storing your NT username and password in a plain text file
> TN> somewhere on your disk (like in your script):
> 
> TN> /winnt/system32/net use m: '\\hostname\sharename' yourpassword
> TN> '/user:YOURDOMAIN\yourusername'
> 
> TN> and later before your script exits
> 
> TN> /winnt/system32/net use /d m:
> 
> TN> The security hole that this opens up should be obvious to
> TN> the casual observer... but it is effective nonetheless.
> 
> It works. In a way. Apart from gaping security hole there's another
> big problem with letters. Your script may just silently die before
> reaching '/winnt/system32/net use /d m:' line. In that case (at least
> on NT 4.0) you'll be left with exiting, but unaccessible, undeletable
> and unchangeable 'm:'. Next time your script won't be able to run at
> all. You'll need to restart your machine to get rid of it
> 
> So, i strongly suggest using UNC everywhere where possible.
> 
> Egor.            mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/

-- 
Slowly and surely the unix crept up on the Nintendo user ...
Wayne Willcox                          I will not eat green eggs and ham
wayne@reliant.immure.com                     I will not eat them Sam I Am!!
A wise person makes his own decisions, a weak one obeys public opinion.
                -- Chinese proverb

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- RE: Shell execution
  - From: Troy Noble

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]